Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Dan Ballance <tzewang.dorje@xxxxxxxxx>
- Date: Fri, 11 Nov 2011 23:10:37 +0000
Okay, now I'm confused! From
http://oss.coresecurity.com/projects/impacket.html
"Impacket is a collection of Python classes focused on providing access to
network packets. Impacket allows Python developers to craft and decode
network packets in simple and consistent manner. It includes support for
low-level protocols such as IP, UDP and TCP, as well as higher-level
protocols such as NMB and SMB. Impacket is highly effective when used in
conjunction with a packet capture utility or package such as
Pcapy<http://oss.coresecurity.com/projects/pcapy.html>.
Packets can be constructed from scratch, as well as parsed from raw data.
Furthermore, the object oriented API makes it simple to work with deep
protocol hierarchies."
Thanks for your input Antony. Can you explain why impacket has nothing to
do with crafting UDP packets?
Fascinating thread this. Thanks to all!!
dan :)
On 11 November 2011 22:42, Antony widmal <antony.widmal@xxxxxxxxx> wrote:
You are definitely a lamer secn3t._______________________________________________
Also for you little brain, impacket has nothing to do with crafting UDP
packets..
Thanks for proving this again and again.
On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
well look at that :P
not same author but , nice coding predelka! good one, i will add you
to crazycoders.com coderslist... i guess there is a few codes you have
now done wich might be useful... cheers.
xd
On 12 November 2011 05:43, Ryan Dewhurst <ryandewhurst@xxxxxxxxx> wrote:
An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic:Vilas
http://pastebin.com/fjZ1k0fi
On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God)
<thor@xxxxxxxxxxxxxxx> wrote:
Yeah, I gotta say, I’m going to use it at some point ;)
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Mario
TCP/IPSent: Friday, November 11, 2011 9:02 AM
To: Ryan Dewhurst
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in
wrote:Could Allow Remote Code Execution (2588516)
I liked the "heavy breather in the perv closet" bit.
On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhurst@xxxxxxxxx
wrote:
I think Jon just said what everyone else was thinking, he said what I
was thinking at least.
On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@xxxxxxxxx>
49daysOn Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
About the PPS, i think thats a very bad summary of the exploit,
goalto send a packet, my butt.
There is many people assuming wrong things, when it can be done with
seconds, syscanner would scan a -b class in minutes, remember it only
has to find the vulns, gather, then it would break scan, and trigger
vuln... so in real world botnet, yes then, with tcpip patchers, like
somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks....
and it is ONLY one wich actually works, when you maybe modify the src
so the sys file, is dropped from within a .cpp file, well thats up to
you but thats better way to make it work, this will open
sockets/threads, as i could, easily proove with one exe, but, the
withis, to trigger the vuln then exploit it, less than 49days :P , so ,
iguess if this exploit, in real form, gathered 2 million hosts over 3
nights.. i guessing that the exploit, could possibly be triggered
thing,ONE properly setup packet.. people forget that, a packet is one
the enemyand a crafted UDP packet, is quite another..
I'd really like to see you actually explain this bug with code. Either
with a poc or with the disassembly. You seem to act like you know
what's going on, but so far your description has been off base (from
what I can make of your writing).
No one cares about paragraphs of speculation and bragging, code or you
are just another heavy breather in the perv closet of FD.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
“There's a reason we separate military and the police: one fights
the militaryof the state, the other serves and protects the people. When
becomes both, then the enemies of the state tend to become the people.”
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- References:
- [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Henri Salo
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Georgi Guninski
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Darren Martyn
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: xD 0x41
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Georgi Guninski
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Thor (Hammer of God)
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Sergito
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: xD 0x41
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Jon Kertz
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Ryan Dewhurst
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Mario Vilas
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Thor (Hammer of God)
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Ryan Dewhurst
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: xD 0x41
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Antony widmal
- [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- Prev by Date: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- Next by Date: [Full-disclosure] Joomla Component (com_content) - Blind SQL Injection Vulnerability
- Previous by thread: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- Next by thread: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- Index(es):
Relevant Pages
|
